January 17, 2003 11:03 AM PST

Building a better spam trap

Related Stories

CipherTrust wants your spam

November 21, 2002

You've got spam, and more spam

August 29, 2002

Canning spam without eating up real mail

July 12, 2002
CAMBRIDGE, MASS.--If experts here get their way, spam may soon be dead meat.

Unsolicited e-mail messages, or spam, are on track to make up the majority of traffic on the Internet. But a group of researchers and developers gathered here Friday hopes to halt that by coming up with better ways of blocking those messages from consumers' in-boxes.

The Spam Conference, held at the Massachusetts Institute of Technology, was originally intended to be an informal gathering of 30 people or so. But more than 500 registered to discuss and debate the best way to battle the problem.

"Spam-filtering is shooting at a target that is not just moving, it's taking evasive action," said Bill Yerazunis, a research scientist at the Mitsubishi Electronics Research Lab and the author of the CRM114 Discriminator, a spam filter.

Earlier methods of fighting spam focused on certain aspects: blocking e-mail from an address, or with the word sex in the subject line, for example. But spammers have found many ways to bypass these methods.

More recently, spam-fighters have been looking at statistical analysis to help determine whether a message is spam or not. Programmers can use large archives of known junk e-mail to search for patterns and properties, then use those results to test incoming mail.

Those filtering methods can help combat one problem in spam-fighting: false positives, which lead legitimate e-mail to get mislabeled as spam. And the methods may also be more difficult for spammers to fight than traditional defenses.

"Spammers haven't yet made a concerted effort to get past statistical filters," software developer Paul Graham said at the conference.

And the more consumers use statistical filters, the more difficult it gets for spammers to get mail through, Graham said. Since people's filters will be based on their in-box, there will be slight differences, he said.

While much of the discussion at the conference centered on the technical issues, some attendees did address the need for a more concerted effort to set up formal structures for fighting spam.

While many developers are working on new methods of filtering, for instance, there is a need for other types of tools, such as methods of visualizing and measuring global spam activity, said Paul Judge, director of research and development at e-mail security company CipherTrust.

Last November, CipherTrust set up the SpamArchive, a public database of junk e-mail that developers can use to study and test solutions on.

Of course, one of the main problems is that spammers can be as creative as spam fighters, figuring out ways around blockades and filters.

And as e-mail usage spreads beyond PCs, fighting spam can mean more than just saving time, it can mean saving money. For instance, consumers who download e-mail on smart phones may have to pay for every byte they download.

"The technical ability (of spammers) should be respected," said John Graham-Cumming, the author of the POPFile e-mail filter. "But the real costs of spam can't be ignored."

1 comment

Join the conversation!
Add your comment
Building a better filter is great, but not the solution
I'm sure that since the spam conference a variety of new and better filtering techniques have been developed. And into the forseeable future, filters will only get better, smarter, and more bloated. But, folks, the truth is that no filter can ever be perfect. It's a mathematical truth.

What is needed in addition to better filters is better ways to get trusted email past the filters. One technique that works with existing infrastructure and has various advantages is MailChannels (www.mailchannels.com). They way it works is by assigning a different email address to each contact -- so rather than always sending mail to one address, each contact gets a different address to send to.

But what's really unique about their approach is that it works at the domain level, which means traffic can be directed to different mail servers depending on its required quality of service. Really important mail can flow through a high bandwidth box with no filtering. Unknown email can flow through a 1kbps gateway with extensive content filtering and greylisting. It's up to you.

MailChannels looks early stage at the moment, but what they have has huge potential. It's simple, works with everything, and threatens no one. That's a recipe for success. (www.mailchannels.com)
Posted by ttul (34 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.